Because that iTunes update might not be what you think it is.

The pop-up will seem innocuous. Would you like to update your software to the latest version of iTunes? Click OK, and unwittingly, you’ve just invited a surveillance company’s access to your microphone (to listen to you), your camera (to watch you), your documents (to delete or change them), and your keyboard (to log everything you type).

advertisement

advertisement

This is no privacy nerd’s dystopian fantasy. Spyware companies actively market these kinds of capabilities and sell them to repressive governments, which then use the tools against journalists, human rights activists, and pro-democracy supporters. That’s what Privacy International says happened to three Bahraini activists who found themselves imprisoned by the Bahraini government after software called FinFisher–sold by British company Gamma International–infected their computers. (Privacy International has now filed a criminal complaint against Gamma.)

And what’s to stop the sellers? Spyware like FinFisher contributes to a multi-billion dollar business. But until last week, activists had few ways to defend themselves, aside from the well-placed bit of duct tape over the computer camera and rigorous digital hygiene practices. That’s why Amnesty International, Privacy International, Digitale Gesellschaft, and the Electronic Frontier Foundation rolled out a new tool, called Detekt, that lets you know when you’ve been hacked.

“If the last 10 to 15 years of spying has been interception, search and seizure, and detaining, this is the future of government spying,” says Privacy International deputy director Eric King. “Detekt has only been up for a day, and I know there’s already been hundreds of thousands of hits on the website. My inbox is full of people who have been infected.”

Anyone can freely download Detekt’s open-source software, but if the tool does detect spyware, getting rid of it is another matter entirely. The Detekt website does link to instructions to help people clear their machines, but it’s also no safeguard against the NSA or GCHQ’s sophisticated mass surveillance methods, the likes of which were revealed by Edward Snowden in June of 2013.

“Just because this is the type of thing that these agencies do doesn’t mean we should accept them,” King says. “These are not morally or legally correct things that could be done, and we need to do everything we can to fight against it.”

Detekt is still one small defense against a murky legal framework in which governments can purchase these tools and use them to pressure, imprison, or torture opponents. Privacy International has filed a number of complaints against spyware companies, and the organization also keeps track of their governmental clients on this map.